Hackers pilfer credit card data from Neiman Marcus customers

Luxury retailer now is not sure how many customers were affected by the hack.

On Friday evening, luxury retailer Neiman Marcus admitted that it had suffered a data breach exposing customers' credit card information and that it was working with federal investigators to find out the extent of the damage. The company told security writer Brian Krebs that it was not sure how many customers were affected or now the hack was caused.

Further Reading

Data sold in black markets for as much as $100 per card, KrebsonSecurity says.

Krebs, who appears to have unearthed news of the hack first, explains: “Earlier this week, I began hearing from sources in the financial industry about an increasing number of fraudulent credit and debit card charges that were being traced to cards that had been very recently used at brick-and-mortar stores run by the Dallas, Texas based high-end retail chain. Sources said that while it appears the fraud on those stolen cards was perpetrated at a variety of other stores, the common point of purchase among the compromised cards was Neiman Marcus.”

For its part, Neiman Marcus said in an official statement that its credit card processor alerted the chain in mid-Decemeber about “potentially unauthorized payment card activity that occurred following customer purchases at our Neiman Marcus Group stores.”

The retailer then contacted the authorities and hired a forensics firm to investigate. “On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers’ cards were possibly compromised as a result,” Neiman Marcus continued. “We have begun to contain the intrusion and have taken significant steps to further enhance information security.”

The company also tweeted late last night, “We are taking steps, where possible, to notify customers whose cards we know were used fraudulently after purchasing at our stores.”

The breach comes only a few weeks after hackers made Target, well, a target, stealing data on 70 million customers and stealing information on some 40 million credit cards. The two hacks have not been linked in any way, although the timing of the two hacks is similar.